General
Target: Escalibur.exe
Size: 621KB
Sample: 240726-24qynsterc
MD5: a7a91134af3f39014eec4d3a7e1f0d21
SHA1: 8c41514ddcc37004ea25ba71fda75ce66b89d04b
SHA256: 8cfe089f2e525a7a38f5897bb9263a19435ea2982b68898ce0f6d53a8dd066a4
SHA512: 37e8175766585e88468aee1f9203324e0dc7c7f2af2b47ee7e1419eea741fa928efcc3ae328a23fcba9901d1a3b63cbcff3ee86c0c0e92f15fff61527f65b563
SSDEEP: 12288:laz9+wtZWvDGUeKGRivMiTXBej0wK3NQ1bDAAiwYKXF1YUUQK3FGJTIePGJGZVc:lah+oZiGKGRi3gjtKdU
Static task: static1
Behavioral task: behavioral1
Sample: Escalibur.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: Escalibur.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
Target: Escalibur.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext